Analyze scan results
A scan observes the data flow in an application and reports vulnerabilities that it discovers.
After you analyze the results, update your code and run the scan again to verify the vulnerability is fixed.
After a scan completes, you can view information on vulnerabilities, the name of the project creator, and the name of the person who ran each scan.
Select Scans in the header.
The Scans page shows a list of scan projects..
Select a scan project.
On the Overview tab, view a summary of the scan results as well as a list of scans in the project.
The summary section shows these details:
Score: A letter grade that represents the potential security risk for application based on the most recent scan in the project.
Scan uses the Contrast library scoring..
Vulnerabilities: The number of vulnerabilities discovered in the most recent scan.To see details about discovered vulnerabilities, select the number.
New Vulnerabilities: The number of new vulnerabilities discovered in the most recent scan. This value excludes vulnerabilities that previous scans discovered and are not fixed.
For example:
If Scan 1 discovered three vulnerabilities:
The number of vulnerabilities is three.
The number of new vulnerabilities is also three.
If code modifications introduce a new vulnerability but do not fix existing vulnerabilities, when you run Scan 2:
The vulnerabilities number changes to four (all discovered vulnerabilities).
The new vulnerabilities number becomes one (the new one discovered in Scan 2).
To see details about new vulnerabilities, select the number.
Remediated: The number of vulnerabilities that are fixed by changing source code or configuration files within the application.
To see details about remediated vulnerabilities, select the number.
Scans completed: The number of scans completed in the project.
To see details about completed scans, select the number.
Days since last scan: The number of days since the last scan completed.
The Scan history shows these details:
Vulnerabilities: A bar that shows the different types of detected vulnerabilities for a scan.
To view a filtered list of a specific type of vulnerability, select a section of the bar.
Label: The label associated with the scan.
To view additional scan details, select the label.
Scan date The date the scan completed.
Name: The name of the person who ran the scan.
Language: The languages detected in the scanned code.
Coverage: A link to additional scan details.
To export the results to a SARIF file, select the Download icon (
) at the end of a scan's row.To filter the Scan history by language, select the Filter icon (
) next to the Language column.On the Vulnerabilities tab, to sort the vulnerabilities by status or severity, select the Filter icon (
) next to the Severity or Status columns and select one or more statuses.Severity filters:
Status filters:
To clear a filter, select Clear next to the Severity or Status column.
To view more information about a specific vulnerability, in the Vulnerabilities tab, select the vulnerability.
The Overview tab for the selected vulnerability shows a description of the vulnerability, including what happened in your code and the risk associated with the vulnerability.
To view the details about the vulnerability and its location in your code, select the Details tab:
The method where a vulnerability exists.
The file where the scan discovered the vulnerability.
The first line in the code where the scan discovered the vulnerability.
To view suggestions for fixing the code, select the How to fix tab.
To view additional details about the vulnerability, select the Notes tab for these details:
When the vulnerability is detected
The code module where Contrast found the vulnerability
The type of vulnerability (for example, injection)
Severity
Risk confidence
Security standards that apply to the vulnerability
To view vulnerability activity, select the Activity tab for these details:
The user who made changes
Vulnerability status changes
Comments